[dpdk-dev,1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port

Message ID 1528208163-31560-1-git-send-email-konstantin.ananyev@intel.com (mailing list archive)
State Accepted, archived
Delegated to: Pablo de Lara Guarch
Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Ananyev, Konstantin June 5, 2018, 2:16 p.m. UTC
  For outbound ports BYPASS rule is erroneously treated as PROTECT one
with SA idx zero.

Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
  

Comments

Akhil Goyal June 21, 2018, 1:25 p.m. UTC | #1
On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:

> For outbound ports BYPASS rule is erroneously treated as PROTECT one
> with SA idx zero.
>
> Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")
>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
  
De Lara Guarch, Pablo July 24, 2018, 4:30 p.m. UTC | #2
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Akhil Goyal
> Sent: Thursday, June 21, 2018 2:26 PM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> Subject: Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule
> processing for outbound port
> 
> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> 
> > For outbound ports BYPASS rule is erroneously treated as PROTECT one
> > with SA idx zero.
> >
> > Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI
> > value")
> >
> > Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> > ---
> >
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

Applied this patch to dpdk-next-crypto.
The other patch of the series is still under discussion, so it will need to target RC3.

Thanks,
Pablo
  

Patch

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index a5da8b280..fafb41161 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -510,11 +510,13 @@  outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
 		sa_idx = ip->res[i] & PROTECT_MASK;
 		if (ip->res[i] & DISCARD)
 			rte_pktmbuf_free(m);
+		else if (ip->res[i] & BYPASS)
+			ip->pkts[j++] = m;
 		else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
 			ipsec->res[ipsec->num] = sa_idx;
 			ipsec->pkts[ipsec->num++] = m;
-		} else /* BYPASS */
-			ip->pkts[j++] = m;
+		} else /* invalid SA idx */
+			rte_pktmbuf_free(m);
 	}
 	ip->num = j;
 }
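
Review bot: The final `else` in outbound_sp() now calls rte_pktmbuf_free(m) when sa_idx is not below IPSEC_SA_MAX_ENTRIES, where the old code forwarded the packet via ip->pkts[j++]; this switch from forward-unprotected to drop is not mentioned in the commit message, and the drop is silent. Please state the behaviour change in the commit log and consider a debug log or drop counter in that branch so an out-of-range SA index can be diagnosed. The new `ip->res[i] & BYPASS` test also depends on being evaluated before the sa_idx comparison, with DISCARD taking precedence when both bits are set; a one-line comment on that required order (DISCARD, BYPASS, then SA index) would keep a later reordering from reintroducing the bug.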